62ea4071ffd09d2020c79c544459a6a30d8d109fa2f68e29966141fca6d0dd8c

Analysis

max time kernel
143s
max time network
136s
platform
windows7_x64
resource
win7-20240611-en
resource tags

arch:x64arch:x86image:win7-20240611-enlocale:en-usos:windows7-x64system
submitted
19/06/2024, 23:20

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe
Size

954KB
MD5

011efc291260ee55db07cf2173fd3e1c
SHA1

d4fb34ec689e7824efea57d2b9474ef30b7ffe5e
SHA256

62ea4071ffd09d2020c79c544459a6a30d8d109fa2f68e29966141fca6d0dd8c
SHA512

abc89eb99f0a23d91bf24262329d8f777e967871950380078cdcb0386dfbcd39e9c21c4c0a10f98de0a7527b33e47916f6a4ef5576ac993af577ec332272d4a0
SSDEEP

24576:Na0pkK634iCxCquSwHlctunkHnWb2QmXdTgqkizB:Na0pkIoCtueOPmjki1

Score

7^/10

aspackv2

Malware Config

Signatures

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x000c000000014497-165.dat	aspack_v212_v242

Deletes itself 1 IoCs

pid	Process
2964	cmd.exe

Executes dropped EXE 1 IoCs

pid	Process
2608	Destiny.exe

Loads dropped DLL 2 IoCs

pid	Process
2608	Destiny.exe
2976	IEXPLORE.EXE

Drops file in System32 directory 45 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\DNTException\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File created	C:\Windows\SysWOW64\Destiny.dll	Destiny.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\favicon[1].ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\desktop.ini	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatUACache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ieonline.microsoft[1]	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC	IEXPLORE.EXE
File opened for modification	C:\Windows\SysWOW64\Destiny.dll	Destiny.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\TabRoaming	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\PrivacIE\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk	ie4uinit.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81098B6C-2E92-11EF-8144-CE80800B5EC6}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\Favorites	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IECompatCache\Low	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-2845162440\msapplication.xml	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~\Suggested Sites~.feed-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized	IEXPLORE.EXE
File opened for modification	C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini	ie4uinit.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81098B61-2E92-11EF-8144-CE80800B5EC6}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Feeds\FeedsStore.feedsdb-ms	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357	IEXPLORE.EXE
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{81098B61-2E92-11EF-8144-CE80800B5EC6}.dat	IEXPLORE.EXE
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{81098B63-2E92-11EF-8144-CE80800B5EC6}.dat	IEXPLORE.EXE
File created	C:\Windows\system32\config\systemprofile\Favorites\Links\Suggested Sites.url	IEXPLORE.EXE

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Common Files\ODBC\Destiny.exe	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe
File created	C:\Program Files (x86)\Common Files\ODBC\Destiny.exe	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\RAV2007.BAT	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup\HaveCreatedQuickLaunchItems = "1"	ie4uinit.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\LowCache	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Flags = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore\Count = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\AppDataLow	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-25-62-8b-24-61\WpadDecision = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\Version = "*"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore\Blocked = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021494-0000-0000-C000-000000000046}\Enum\Implementing = 1c00000001000000e807060003001300170014002000a70200000000	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\User Preferences	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Setup	ie4uinit.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Passport\LowDAMap	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\BrowserEmulation\TLDUpdates = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\Flags = "1024"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\92-25-62-8b-24-61\WpadDecisionTime = c0c905469fc2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Suggested Sites	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable\PostSetup\Component Categories64\{00021493-0000-0000-C000-000000000046}\Enum	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B4F3A835-0E21-4959-BA22-42B3008E02FF}	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\Links	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{51313AF2-939A-4BAE-9682-C632F71EE331}\WpadDecisionTime = c0c905469fc2da01	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\{51313AF2-939A-4BAE-9682-C632F71EE331}\WpadNetworkName = "Network 3"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\Flags = "512"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "425001094"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\TopResultURLFallback = "http://www.bing.com/search?q={searchTerms}&src=IE-TopResult&FORM=IE11TR"	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\F12	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\KnownProvidersUpgradeTime = 20db38479fc2da01	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Discardable	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	IEXPLORE.EXE
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	IEXPLORE.EXE

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2608	Destiny.exe
Token: SeDebugPrivilege	2976	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 8 IoCs

pid	Process
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2848	IEXPLORE.EXE
2848	IEXPLORE.EXE
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE
2608	Destiny.exe
2608	Destiny.exe
2976	IEXPLORE.EXE
2976	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 2848	2608	Destiny.exe	29
PID 2608 wrote to memory of 2848	2608	Destiny.exe	29
PID 2608 wrote to memory of 2848	2608	Destiny.exe	29
PID 2608 wrote to memory of 2848	2608	Destiny.exe	29
PID 1252 wrote to memory of 2964	1252	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe	30
PID 1252 wrote to memory of 2964	1252	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe	30
PID 1252 wrote to memory of 2964	1252	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe	30
PID 1252 wrote to memory of 2964	1252	011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe	30
PID 2848 wrote to memory of 2540	2848	IEXPLORE.EXE	32
PID 2848 wrote to memory of 2540	2848	IEXPLORE.EXE	32
PID 2848 wrote to memory of 2540	2848	IEXPLORE.EXE	32
PID 2848 wrote to memory of 2976	2848	IEXPLORE.EXE	33
PID 2848 wrote to memory of 2976	2848	IEXPLORE.EXE	33
PID 2848 wrote to memory of 2976	2848	IEXPLORE.EXE	33
PID 2848 wrote to memory of 2976	2848	IEXPLORE.EXE	33

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\011efc291260ee55db07cf2173fd3e1c_JaffaCakes118.exe"
1⤵
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\SysWOW64\cmd.exe
  cmd /c C:\Windows\RAV2007.BAT
  2⤵
  - Deletes itself
  PID:2964

C:\Program Files (x86)\Common Files\ODBC\Destiny.exe
"C:\Program Files (x86)\Common Files\ODBC\Destiny.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files\Internet Explorer\IEXPLORE.EXE" about:blank
  2⤵
  - Drops file in System32 directory
  - Modifies data under HKEY_USERS
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2848
- - C:\Windows\System32\ie4uinit.exe
    "C:\Windows\System32\ie4uinit.exe" -ShowQLIcon
    3⤵
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    PID:2540
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2848 CREDAT:275457 /prefetch:2
    3⤵
    - Loads dropped DLL
    - Drops file in System32 directory
    - Modifies data under HKEY_USERS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2976

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Common Files\ODBC\Destiny.exe

Filesize
954KB

MD5
011efc291260ee55db07cf2173fd3e1c

SHA1
d4fb34ec689e7824efea57d2b9474ef30b7ffe5e

SHA256
62ea4071ffd09d2020c79c544459a6a30d8d109fa2f68e29966141fca6d0dd8c

SHA512
abc89eb99f0a23d91bf24262329d8f777e967871950380078cdcb0386dfbcd39e9c21c4c0a10f98de0a7527b33e47916f6a4ef5576ac993af577ec332272d4a0

Download Submit
C:\Windows\RAV2007.BAT

Filesize
218B

MD5
1f05ba5e5c5c01f5b30b3e65355cf720

SHA1
8644c043f1de35a6748939bda90dbf23dcca81ff

SHA256
0f30598ea6ffadce9a203c0f98bce670418a767226585a8486ded59c322fbf3b

SHA512
64c3d157040e287b2687d45e1efd9a41b042bb221252f0016c9415bd046dff7fd1f8400af4b1f7694da0c07df7a0836a354ff78b9785bdf1f037e33f762bb517

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
914B

MD5
e4a68ac854ac5242460afd72481b2a44

SHA1
df3c24f9bfd666761b268073fe06d1cc8d4f82a4

SHA256
cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f

SHA512
5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
70KB

MD5
49aebf8cbd62d92ac215b2923fb1b9f5

SHA1
1723be06719828dda65ad804298d0431f6aff976

SHA256
b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

SHA512
bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC

Filesize
252B

MD5
9a6b841916851c4152cbdc401e886da8

SHA1
c77b4a102b81313b1338fa71a02706df582ac9ce

SHA256
11693081663d89af0a9a5a5e9e0ea749f663afd4072e84a8092c2bd79b1e4137

SHA512
bf3f300bbeca8c04bbc87910f1157d06e4932ffeb4649a416b43e7cce1ddbf088745ff74643bfefc81a87bd66eff727fed9b7361b65da31daf59ea1809b8e0e7

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7be3fd13f68d45e70882b90650b7fb4a

SHA1
bdd2fb475eddab91cabd59a771f9f2d844e38b86

SHA256
d5efac0159c6ecb85286d2c2d67d4d1b41c662e563d16a97cb35456db6fbc3cd

SHA512
9b38e65c1f663a7b0413e2263f705d75e054646757c40fb6970818fd50b7a74f3683f04592405532704c34cf928a4314cd883bb8080dfa479899bfda9f7feddb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9f92e906ebdd7a5180db94d6ed286de9

SHA1
60238350833ee3bb72d141b31b8b5f2af2ce953a

SHA256
50d91064c5bd4b701fa59b6ad92ec00d6628cfed0fa658512106c82653c2c23e

SHA512
0941be8bbc068290abd4237a5f931a43d25a00ffde230b65d35952694ce0478b972ff590653aba0e2a466928deee79c19e99660c269a5d76e095fb3c3ac3a3af

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
17d14a063402afa909c3e0252c115a16

SHA1
9e62d33031dc5567d41601c76ce3f3b487ed512e

SHA256
a2b0e5497ca147c58205de2bc7ba67da489508b1bdd92e47e490ed4ba2ec6ac2

SHA512
0e6161f677eb7ebcf51bd5fc393a21a9e1cf34dd458149bd2f7327f01c3060f48e5a33e399f941b8ef63a27530c2a590e01bfe851e347a3a9e30a6c1ad33b3dc

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
23c92b63bbe1c429476cff61544bff4d

SHA1
cd4758717287f9f03caec2dddae529d85352583b

SHA256
ad538a0dc32297f73a2471edc02d7c4a2bed03cf97068f870f457f3ff3ebe1a9

SHA512
3ab3867883edc283d32feb0cc86112b91c58483df2eddf2924b05ca74d6267aaa5c2e34f8835c7f241f17e7b5411092598939dde9bd997d03bcdfd58be479f58

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
30d79cd4b6954c307dd5bb3b8d20f38e

SHA1
df6cb6fc936434c6834fa2716e41a6dd0923ac7f

SHA256
ecdf3b939b78eb453830d376eea49e1a6958949096cc56cfce976d9ec12386d5

SHA512
a40929c504e6b4bd15d61c18f0cd7219bd5a3effdb3cfa15d35c9cc91cdd02a526b6677520394f72089b30d40e85afc6b03dbc11ec7ff7a6384248236d76ebcd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
92798050c05b200ee1cea651092efd8e

SHA1
970b64055ccc12705346459034f6664bc451e7b6

SHA256
cd0fafd29c53b522e099d9ed01cf9e2eb4ca6d763a684b5d7f2da0b3b6f8ff38

SHA512
25b7b00992a0b2aca5d821ae79abda11b7b2a456c7a9475d6c3e08fe404354e77b53c067b0164fc4719ad92edd355b849ccd6ed48d2c8d138b4414a8fe2a01fe

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f0c8639fc0dc35bcb28c7c8d9924a35c

SHA1
fc9605568680e24c60d87bf817cb0fb43430bc44

SHA256
d47fec3a323618e0745012a5107eee6563483f154cd9c1de96a3b2c6c4fcd038

SHA512
dcbf27cb51dfc71dfc3e388616802797c00e179494fc36f74787ad75b77c9e9d86a56acbad9fc6d30c147ecc4a751acb16542af61e6f75693ffd657184d53e34

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
7b562f3578a5cbc0af3eb3368f7ca0c1

SHA1
30a08082ee116f9431943fbfcf92de53e492d2a3

SHA256
bc872481e1e08f1d00165f3a9be962d4b854865f9afb587111e90f23a7397033

SHA512
cbe50edb243243b72696386e8b1b6bc65d70b69b406f589bfdb4c75556cbccbdb81cba12621f9727f2caa56d5fabcb074487b4be7b4906449e8ec750691619cd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d84e793ac6f0c4b37f48b4d0bd6ae6c3

SHA1
4abe446275306408dda1fbe95379a846515242b4

SHA256
a9168222f22c592fc7fc4bcfb401582bd84e8800faf985ab5ab05d8db94ea38a

SHA512
dcb5f4b93fd520c72d39e89e261d6bd9efe06fcd61dd1b8fc4a58f391196b737ec2d5fb872f22deba29af41d7760659181d14e121925021dc9c48cf3affc25d4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b0553dab92f74d240e22abdfdce5c30d

SHA1
33631f76f9f4df0a5e76d8b1b152ee6d1d611eff

SHA256
caaac7ba3dc5e349fafa1d54c8376443e388056f659d152ddd196871d29bf3b4

SHA512
bb302333e708d1503e438c83765520b410697f5d0669b2587462c002de840e77398b8a810e5d9b0bc88cad9e840cc42ee9562447c92fad855c224c45ad6c5f49

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
2ae287cff5fb2e9de7e407b791979dc7

SHA1
16b8312a11473b950807f449dba2e7a58eb1b2ba

SHA256
cbbeb2fa0ccad417f92934f8cf02a79bed1cbe71836d13801aa769ce9e64a7da

SHA512
ba9a8f96caa2d8c3af343eeca9dd67012e807d69cfdbbbecde44f9b983289e569cf70aed61f2c2102a65bdefcfeed335b29a7226ed080591d017ed461b074e73

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
a4381e9d40988314e04828c1bf4b7988

SHA1
59b1c0adf8dbf761cfa2adaac6604b13c32ab8fd

SHA256
be05c6553eb1ba0f49deeded1b931565b7bfbb72b33952ab6723c77d45b84c61

SHA512
52cd366737afd81763d4b15bff5d64308224434e556fea54109a5e6067c4490c942baee314a089e242dfca80748e27f6c8607820c370ded74aa66d636a270efe

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
de15b770f468894004f0ce6c4b570c2a

SHA1
81916494b1428428fde8bde7a8a76dc9f9d7b825

SHA256
8d8e0b796dfb9fbd6dba45016824d0a9399a832add75af9074194523f999ad48

SHA512
3dee9074a9c1ae7171e88fcab381ac84fb4b2cada209249625b411437fb2860a6cbaf9eab08590a6e372d688e2433bf92c751371a61c515f76456fdb9d143b4e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
781779a6071ab7623e0bfd04bb7ef211

SHA1
d6ee8933ea7fe7cf270176ecb6f23229d6bb8629

SHA256
22ba40c0502847865676917cf6cf7d9feda0135b52de43fd2b6f1d174727d472

SHA512
6a74756c09d41b6939d184da80ad3b8c44004951a8b71fa34081e638d836ed43118c54fad195367859512af6d3fbfb8251448a2f1776ed7401b9d50049364d1a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
9b0d3f57fe42cd2b858591c7d2d67e64

SHA1
919b0e512cb39977b0fa912bd4f9a2e37bf19480

SHA256
dad09193fb490225364d1b8e389b6f37ec65516ecd13f997fbf9f623fa971f18

SHA512
b9615b5c6c0f6426f45cf3e4f24bc68149977c045dd1107d96ffee11b9ba14c6889727342e24ff24e6da058fc3c364bad940a9489cdc2e57990fb5fad7f48da2

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
1c81a5315b54980a880015acda23e788

SHA1
d2b248a23b1e522bb75d7f898462ac69b323b4e9

SHA256
39bb8799e97006b016c60274532cca7577b6a1a41c9f520d6d6b6814c2f5eed6

SHA512
8a4617834f14167dd5fc26042685a30e92b1b224d82a8920a354abb77ef5300cfbf47c6f4dbd715c797aa00e58a1508bb0d6ca07f80beb89925ce8de2f5b34fb

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
8c51a8d44d5c8a27d86661d3f60794b2

SHA1
f217f3efdc505653c22eebf1d14b16a2929f88a0

SHA256
07c4de9e91a13c59ce6be6a711b83aceff98a04bf3bb72cfb480031ca0a40be9

SHA512
2cc7d882721e193146a54f35bdfd1bbc618d1e472587b4299c9cb4d7e551a1622897a9eac3d3bd32b31fad25fceac1b42365ddebe939f9e61e2c3c54fe8fad1e

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
408718897705a57676dd3a08d45c681c

SHA1
b69d5d6e7a3291f1e383d5f208a44a1217cc427c

SHA256
8d2546ce72f58eba1e732880bf917b3ee9c7fd14c57b7a932a8bb1ac992fbb49

SHA512
6ae09a8dd0f2d0c9cd9324a213598ac0849f53ef33a7203d442a6b57ea1f844e1f6c68343a7cce111d363546ff8938f511a7983eeaf214360dc137954dde21cd

Download Submit
C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
195B

MD5
a1fd5255ed62e10721ac426cd139aa83

SHA1
98a11bdd942bb66e9c829ae0685239212e966b9e

SHA256
d3b6eea852bacee54fbf4f3d77c6ec6d198bd59258968528a0231589f01b32f4

SHA512
51399b4eac1883f0e52279f6b9943d5a626de378105cadff2b3c17473edf0835d67437ae8e8d0e25e5d4b88f924fa3ac74d808123ec2b7f98eff1b248a1ab370

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
236B

MD5
11cede0563d1d61930e433cd638d6419

SHA1
366b26547292482b871404b33930cefca8810dbd

SHA256
e3ab045d746a0821cfb0c34aee9f98ce658caab2c99841464c68d49ab2cd85d9

SHA512
d9a4cdd3d3970d1f3812f7b5d21bb9ae1f1347d0ddfe079a1b5ef15ec1367778056b64b865b21dd52692134771655461760db75309c78dc6f372cc4d0ab7c752

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\Suggested Sites.url

Filesize
129B

MD5
2578ef0db08f1e1e7578068186a1be0f

SHA1
87dca2f554fa51a98726f0a7a9ac0120be0c4572

SHA256
bdc63d9fd191114227a6e0ac32aaf4de85b91fc602fcb8555c0f3816ac8620b3

SHA512
b42be0e6f438362d107f0f3a7e4809753cf3491ab15145f9ffa4def413606243f4dfffc0449687bd1bb01c653e9339e26b97c286382743d14a2f0ed52e72f7ee

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\Links\desktop.ini

Filesize
80B

MD5
3c106f431417240da12fd827323b7724

SHA1
2345cc77576f666b812b55ea7420b8d2c4d2a0b5

SHA256
e469ed17b4b54595b335dc51817a52b81fcf13aad7b7b994626f84ec097c5d57

SHA512
c7391b6b9c4e00494910303e8a6c4dca5a5fc0c461047ef95e3be1c8764928af344a29e2e7c92819174894b51ae0e69b5e11a9dc7cb093f984553d34d5e737bb

Download Submit
C:\Windows\System32\config\systemprofile\Favorites\desktop.ini

Filesize
402B

MD5
881dfac93652edb0a8228029ba92d0f5

SHA1
5b317253a63fecb167bf07befa05c5ed09c4ccea

SHA256
a45e345556901cd98b9bf8700b2a263f1da2b2e53dbdf69b9e6cfab6e0bd3464

SHA512
592b24deb837d6b82c692da781b8a69d9fa20bbaa3041d6c651839e72f45ac075a86cb967ea2df08fa0635ae28d6064a900f5d15180b9037bb8ba02f9e8e1810

Download Submit
C:\Windows\Temp\Cab6E81.tmp

Filesize
29KB

MD5
d59a6b36c5a94916241a3ead50222b6f

SHA1
e274e9486d318c383bc4b9812844ba56f0cff3c6

SHA256
a38d01d3f024e626d579cf052ac3bd4260bb00c34bc6085977a5f4135ab09b53

SHA512
17012307955fef045e7c13bf0613bd40df27c29778ba6572640b76c18d379e02dc478e855c9276737363d0ad09b9a94f2adaa85da9c77ebb3c2d427aa68e2489

Download Submit
C:\Windows\Temp\Tar6E93.tmp

Filesize
81KB

MD5
b13f51572f55a2d31ed9f266d581e9ea

SHA1
7eef3111b878e159e520f34410ad87adecf0ca92

SHA256
725980edc240c928bec5a5f743fdabeee1692144da7091cf836dc7d0997cef15

SHA512
f437202723b2817f2fef64b53d4eb67f782bdc61884c0c1890b46deca7ca63313ee2ad093428481f94edfcecd9c77da6e72b604998f7d551af959dbd6915809c

Download Submit
C:\Windows\Temp\Tar709E.tmp

Filesize
181KB

MD5
4ea6026cf93ec6338144661bf1202cd1

SHA1
a1dec9044f750ad887935a01430bf49322fbdcb7

SHA256
8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

SHA512
6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

Download Submit
\Windows\SysWOW64\Destiny.dll

Filesize
594KB

MD5
e171d69e434886f09187b37cd418d7ac

SHA1
f4070b895d3b108777b8c83c45edcb014a2c6c39

SHA256
ca2392fe3ed2cebed2c7046c4a34eefe231da6a2ddd8411fbd3debd10627288a

SHA512
213513824dfc4c04df9cc5fa0d992164fa1b2ec58614235968f5adf315187961bf0216e650e7dc0bf82faba5d1eeecd5a9d85b8fe8c1874afc6c7b497481e0b8

Download Submit
memory/1252-19-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1252-27-0x00000000005E0000-0x00000000005E1000-memory.dmp

Filesize
4KB

Download
memory/1252-45-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1252-1-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download
memory/1252-2-0x0000000000320000-0x0000000000321000-memory.dmp

Filesize
4KB

Download
memory/1252-3-0x0000000000280000-0x0000000000281000-memory.dmp

Filesize
4KB

Download
memory/1252-4-0x0000000000350000-0x0000000000351000-memory.dmp

Filesize
4KB

Download
memory/1252-5-0x0000000000260000-0x0000000000261000-memory.dmp

Filesize
4KB

Download
memory/1252-6-0x0000000000250000-0x0000000000251000-memory.dmp

Filesize
4KB

Download
memory/1252-7-0x0000000000340000-0x0000000000341000-memory.dmp

Filesize
4KB

Download
memory/1252-11-0x0000000000360000-0x0000000000361000-memory.dmp

Filesize
4KB

Download
memory/1252-8-0x0000000000330000-0x0000000000331000-memory.dmp

Filesize
4KB

Download
memory/1252-9-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/1252-14-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/1252-15-0x0000000003210000-0x0000000003212000-memory.dmp

Filesize
8KB

Download
memory/1252-16-0x0000000000530000-0x0000000000531000-memory.dmp

Filesize
4KB

Download
memory/1252-17-0x0000000000510000-0x0000000000511000-memory.dmp

Filesize
4KB

Download
memory/1252-18-0x00000000005A0000-0x00000000005A1000-memory.dmp

Filesize
4KB

Download
memory/1252-0-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/1252-20-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1252-21-0x0000000000590000-0x0000000000591000-memory.dmp

Filesize
4KB

Download
memory/1252-22-0x0000000000540000-0x0000000000541000-memory.dmp

Filesize
4KB

Download
memory/1252-23-0x00000000005B0000-0x00000000005B1000-memory.dmp

Filesize
4KB

Download
memory/1252-24-0x0000000000500000-0x0000000000501000-memory.dmp

Filesize
4KB

Download
memory/1252-25-0x0000000002330000-0x0000000002331000-memory.dmp

Filesize
4KB

Download
memory/1252-26-0x0000000002000000-0x0000000002001000-memory.dmp

Filesize
4KB

Download
memory/1252-10-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/1252-32-0x0000000000230000-0x0000000000231000-memory.dmp

Filesize
4KB

Download
memory/1252-46-0x0000000000380000-0x00000000003D4000-memory.dmp

Filesize
336KB

Download
memory/1252-28-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/1252-29-0x0000000002350000-0x0000000002351000-memory.dmp

Filesize
4KB

Download
memory/1252-30-0x0000000002340000-0x0000000002341000-memory.dmp

Filesize
4KB

Download
memory/1252-31-0x0000000000220000-0x0000000000221000-memory.dmp

Filesize
4KB

Download
memory/2608-744-0x0000000003750000-0x0000000003845000-memory.dmp

Filesize
980KB

Download
memory/2608-743-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download
memory/2608-167-0x0000000003750000-0x0000000003845000-memory.dmp

Filesize
980KB

Download
memory/2608-34-0x0000000000400000-0x00000000004FE000-memory.dmp

Filesize
1016KB

Download